Vulnerabilities > Deserialization of Untrusted Data
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-08-30 | CVE-2023-40595 | Deserialization of Untrusted Data vulnerability in Splunk and Splunk Cloud Platform In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can execute a specially crafted query that they can then use to serialize untrusted data. | 8.8 |
2023-08-25 | CVE-2023-24621 | Deserialization of Untrusted Data vulnerability in Esotericsoftware Yamlbeans An issue was discovered in Esoteric YamlBeans through 1.15. | 7.8 |
2023-08-24 | CVE-2023-34040 | Deserialization of Untrusted Data vulnerability in VMWare Spring for Apache Kafka In Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and earlier, a possible deserialization attack vector existed, but only if unusual configuration was applied. | 7.8 |
2023-08-21 | CVE-2023-39106 | Deserialization of Untrusted Data vulnerability in Alibabacloud Nacos Spring Project An issue in Nacos Group Nacos Spring Project v.1.1.1 and before allows a remote attacker to execute arbitrary code via the SnakeYamls Constructor() component. | 8.8 |
2023-08-14 | CVE-2023-3259 | Deserialization of Untrusted Data vulnerability in Dataprobe products The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass. | 9.8 |
2023-08-13 | CVE-2023-39396 | Deserialization of Untrusted Data vulnerability in Huawei Emui and Harmonyos Deserialization vulnerability in the input module. | 7.5 |
2023-08-02 | CVE-2022-40609 | Deserialization of Untrusted Data vulnerability in IBM SDK IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. | 9.8 |
2023-07-31 | CVE-2021-31680 | Deserialization of Untrusted Data vulnerability in Ultralytics Yolov5 Deserialization of Untrusted Data vulnerability in yolo 5 allows attackers to execute arbitrary code via crafted yaml file. | 7.8 |
2023-07-31 | CVE-2021-31681 | Deserialization of Untrusted Data vulnerability in Ultralytics Yolov3 Deserialization of Untrusted Data vulnerability in yolo 3 allows attackers to execute arbitrary code via crafted yaml file. | 7.8 |
2023-07-31 | CVE-2023-24971 | Deserialization of Untrusted Data vulnerability in IBM products IBM B2B Advanced Communications 1.0.0.0 and IBM Multi-Enterprise Integration Gateway 1.0.0.1 could allow a user to cause a denial of service due to the deserializing of untrusted serialized Java objects. | 6.5 |